TITLE:
Empirical Investigation of Threats to Loyalty Programs by Using Models Inspired by the Gordon-Loeb Formulation of Security Investment
AUTHORS:
Shiori Shinoda, Kanta Matsuura
KEYWORDS:
Loyalty Program, Security Investment, Gordon-Loeb Model, Liquidity, Information Security Economics
JOURNAL NAME:
Journal of Information Security,
Vol.7 No.2,
March
17,
2016
ABSTRACT: Loyalty program (LP) is
a popular marketing activity of enterprises. As a result of firms’ effort to
increase customers’ loyalty, point exchange or redemption services are now
available worldwide. These services attract not only customers but also
attackers. In pioneering research, which first focused on this LP security
problem, an empirical analysis based on Japanese data is shown to see the
effects of LP-point liquidity on damages caused by security incidents. We
revisit the empirical models in which the choice of variables is inspired by
the Gordon-Loeb formulation of security investment: damage, investment,
vulnerability, and threat. The liquidity of LP points corresponds to the threat
in the formulation and plays an important role in the empirical study because
it particularly captures the feature of LP networks. However, the actual proxy
used in the former study is artificial. In this paper, we reconsider the
liquidity definition based on a further observation of LP security incidents.
By using newly defined proxies corresponding to the threat as well as other refined
proxies, we test hypotheses to derive more implications that help LP operators
to manage partnerships; the implications are consistent with recent changes in
the LP network. Thus we can see the impacts of security investment models
include a wider range of empirical studies.